Professional Documents
Culture Documents
NET201 Lab Experiment # 1 - Configuring Cisco Switch Security Features
NET201 Lab Experiment # 1 - Configuring Cisco Switch Security Features
NET201 Lab Experiment # 1 - Configuring Cisco Switch Security Features
GRADE
Objectives:
Materials:
Scenario:
It is quite common to lock down access and install strong security features
on PCs and servers. It is important that your network infrastructure devices, such
as switches and routers, are also configured with security features.
In this lab, you will follow some best practices for configuring security
features on LAN switches. You will also configure and verify port security to lock
out any device with a MAC address not recognized by the switch.
PROCEDURES
Router> en
Router# sh run
In Switch DCE
Switch> en
Switch# sh run
7. Issue the show vlan command on DCE_SW. What is the status of VLAN 99?
________________________________________________________________
DCE_SW# conf t
DCE_SW(config)# int fa0/1
DCE_SW(config-if)# switchport mode access
DCE_SW(config-if)# switchport access vlan 99
DCE_SW(config-if)# int fa0/2
DCE_SW(config-if)# switchport mode access
DCE_SW(config-if)# switchport access vlan 99
DCE_SW(config-if)# end
DCE_SW# copy run start
DCE_SW#
10. Issue the show ip interface brief command on DCE_SW. What is the
status and protocol showing for interface VLAN 99? Note: There may be a delay
while the port states converge.
________________________________________________________________
a. From DCE-PC, ping the default gateway address on DCE_RTR. Were your pings
successful?
________________________________________________________________
b. From DCE-PC, ping the DCE-Students address of DCE_SW. Were your pings
successful?
________________________________________________________________
c. From DEC_SW, ping the default gateway address on DCE_RTR. Were your
pings successful?
________________________________________________________________
d. From DCE-PC, open a web browser and go to http://192.168.10.99. If you are
prompted for a username and password, leave the username blank and use
dcesilver for the password. If you are prompted for a secured connection,
answer No. Were you able to access the web interface on DCE_SW?
________________________________________________________________
e. Close the browser.
Note: The non-secure web interface (HTTP server) on a Cisco 2960 switch is
enabled by default. A common security measure is to disable this service, as
described in Task 3.
Task 3. Configure and Verify Security Features on DCE_SW.
c. Shut down all unused physical ports on the switch. Use the interface range
command.
DCE_SW> en
DCE_SW# conf t
DCE_SW(config)# int range fa0/3-24
DCE_SW(config-if-range)# shutdown
DCE_SW(config-if-range)# int range g0/1-2
DCE_SW(config-if-range)# shutdown
DCE_SW(config-if-range)# end
DCE_SW#
d. Issue the show ip interface brief command on DCE_SW. What is the status
of ports Fa0/3 to Fa0/24?
____________________________________________________________________
b. From the DCE_SW CLI, issue a show mac address-table command from user EXEC
mode. Find the dynamic entries for ports Fa0/1 and Fa0/2. Record them below.
Fa0/1 MAC Address :____________________________________________
Fa0/2 MAC Address :____________________________________________
a. From the DCE_SW CLI, enter interface configuration mode for the port that connects
to DCE_RTR.
DCE_SW> en
DCE_SW# conf t
DCE_SW(config)# interface fa0/1
DCE_SW(config-if)# shutdown
d. Configure a static entry for the MAC address of DCE_RTR G0/0 interface recorded in
step 3a.
DCE_SW(config-if)# switchport port-security mac-address
xxxx.xxxx.xxxx
(xxxx.xxxx.xxxx is the actual MAC address of the router G0/0 interface)
7. Configure a new MAC address for the interface, using aaaa.bbbb.cccc as the
address.
8. If possible, have a console connection open on DCE_SW at the same time that
you do the next two steps. You will eventually see messages displayed on the
console connection to DCE_SW indicating a security violation. Enable the G0/0
interface on DCE_RTR.
DCE_RTR(config-if)# no shutdown
9. From DTE_RTR privileged EXEC mode, ping DCE-PC. Was the ping
successful? Why or why not?
___________________________________________________________________
10. On the switch, verify port security with the following commands.
DCE_SW> en
DCE_SW# show port-security
DCE_SW# show port-security interface fa0/1
DCE_SW# show interface fa0/1
DCE_SW# show port-security address
11. On the DCE router, shut down the G0/0 interface, remove the hard-coded MAC
address from the router, and re-enable the G0/0 interface.
DCE_RTR> en
DCE_RTR# conf t
DCE_RTR(config)# int g0/0
DCE_RTR(config-if)# shutdown
DCE_RTR(config-if)# no mac-address aaaa.bbbb.cccc
DCE_RTR(config-if)# no shutdown
DCE_RTR(config-if)# end
DCE_RTR#
12. From DCE_RTR, ping DCE-PC again at 192.168.10.3. Was the ping successful?
___________________________________________________________________
13. On the switch, issue the show interface fa0/1 command to determine the
cause of ping failure. Record your findings.
DCE_SW> en
DCE_SW# show interface fa0/1
____________________________________________________________
16. From the DCE_RTR command prompt, ping DCE-PC again. The ping should be
successful?
________________________________________________________________
Task 1. Set Up the Topology and Initialize Devices (CLI commands, results, or
answers to some question)
NOTE: Discussion must be based on the data gathered from data results or
observation supported by review of literature with proper reference or author in-
text citation in APA format. Do not copy-paste instead paraphrase it. Data
analysis must be minimum of 2 pages.
QUESTIONS AND ANSWERS
Questions:
Answers:
CONCLUSION
Books:
Andreasen, N. C. (2001). Brave new brain: Conquering mental illness in the era
of the genome. Oxford, England: Oxford University Press.
Copstead, L., & Banasik, J. (2005). Pathophysiology (3rd ed.). Philadelphia, PA:
Saunders.
Electronic Books:
Atkin, M. (Reporter). (2008, November 13). Bermagui forest disputed turf. The
Hack Half Hour. Retrieved from http://www.abc.net.au/triplej/hack/notes/
Cooper, D. (2009, March 31). Native ant may stop toad in its tracks. ABC
Science. Retrieved August 15, 2017 from http://www.abc.net.au/science/articles/
2009/03/31/2530686.htm?site=science&topic=latest
Print Journals:
Potente, S., Anderson, C., & Karim, M. (2011). Environmental sun protection and
supportive policies and practices: An audit of outdoor recreational settings in
NSW coastal towns. Health Promotion Journal of Australia, 22, 97-101.
Electronic Journals: